Of the many uses of the Internet, one of the more common ones is to access content on a remote server, such as a World Wide Web server. Typically, a person operates a client device to access content on a remote origin server over the Internet. The client may be, for example, a personal computer (PC) or a handheld device such as a personal digital assistant (PDA) or cellular telephone. The client often includes a software application known as a browser, which can provide this functionality. A person using the client typically operates the browser to locate and select content stored on the origin server, such as a web page or a multimedia file. In response to this user input, the browser sends a request for the content over the Internet to the origin server on which the content resides. In response, the origin server returns a response containing the requested content to the client, which outputs the content in the appropriate manner (e.g., it displays the web page or plays the audio file). The request and response may be communicated using well-known protocols, such as transmission control protocol/Internet protocol (TCP/IP) and hypertext transfer protocol (HTTP).
For a variety of reasons, it may be desirable to place a device known as a proxy logically between the client and the origin server. For example, organizations often use a proxy to provide a barrier between clients on their local area networks (LANs) and external sites on the Internet by presenting only a single network address to the external sites for all clients. A proxy normally forwards requests it receives from clients to the applicable origin server and forwards responses it receives from origin servers to the appropriate client. A proxy may provide authentication, authorization and/or accounting (AAA) operations to allow the organization to control and monitor clients' access to content. A proxy may also act as (or facilitate the use of) a firewall to prevent unauthorized access to clients by parties outside the LAN. Proxies are often used in this manner by corporations when, for example, a corporation wishes to control and restrict access by its employees to content on the Internet and to restrict access by outsiders to its internal corporate network. This mode of using a proxy is sometimes called “forward proxying”.
It is also common for a proxy to operate as a cache of content that resides on origin servers; such a device may be referred to as a “proxy cache”. An example of such a device is the NetCache product designed and manufactured by Network Appliance, Inc. of Sunnyvale, Calif. The main purpose of caching content is to reduce the latency associated with servicing content requests. By caching certain content locally, the proxy cache avoids the necessity of having to forward every content request over the network to the corresponding origin server and having to wait for a response. Instead, if the proxy cache receives a request for content which it has cached, it simply provides the requested content to the requesting client (subject to any required authentication and/or authorization) without involving the origin server.
Proxy caches may be used by corporations and other institutions in the forward proxying mode, as described above. Proxy caches are also commonly used by high-volume content providers to facilitate distribution of content from their origin servers to users in different countries or other geographic regions. This scenario is sometimes called “reverse proxying”. As an example of reverse proxying, a content provider may maintain proxy caches in various different countries to speed up access to its content by users in those countries and to allow users in different countries to receive content in their native languages. In that scenario the content provider “pushes” content from its origin servers to its proxy caches, from which content is provided to clients upon request.
Often a proxy cache is one of a number of proxy caches distributed on the Internet in a defined logical hierarchy known as a “cache hierarchy”. Typically, each proxy cache has knowledge of the other proxy caches in the cache hierarchy. Consequently, when a proxy cache receives a content request but does not have the requested content cached locally (a “cache miss”), it may forward the request to another proxy cache in the hierarchy according to a predefined forwarding scheme. Assuming a proxy cache in the hierarchy has the requested content, the latency in servicing the request generally will still be lower than if the request had to be passed all the way to the origin server.
One problem with proxy caches in the known prior art is that they provide only crude control over how requests are forwarded. A proxy cache according to the known prior art typically uses a small number of (e.g., four or five) control variables to control request forwarding. These control variables interact with each other in complex, non-intuitive ways, making it very difficult for users (e.g., network administrators) to control the manner in which the proxy cache forwards requests. As a result, there tends to be an undesirably high number of support calls to the vendor of the proxy cache when users are unable to properly configure their devices. These prior art proxy caches also provide no ability to control the sequence in which forwarding rules are applied to a request. In addition, such devices make it difficult to add functionality after deployment, because doing so normally requires adding one or more control variables, which must work in conjunction with the previously-programmed control variables. Making such a change causes testing and validation of the proxy cache to become more difficult and complex. What is needed, therefore, is a technique which overcomes these disadvantages of the prior art.